May 26

Webinar takeaway: Setting the Trap – Crafty Ways the Bad Guys Trick Your Users to Own Your Network


My key takeaways

  • Hafnium exploited the vulnerability shortly after M$ showed it in the MAP program group. Coincidence?
  • A DC usually runs DNS, so it is easy for an attacker to find
  • Patch before the FBI does it for you
  • Pretexting might be even more effective than phishing
    • Example: in 2020 a teenager compromised Twitter's "god mode" panel by calling Twitter employees
  • "Cialdini’s Principles of Persuasion" needed for pretexting
    1. Reciprocation
    2. Commitment & Consistency
    3. Social Proof
    4. Liking
    5. Authority
    6. Scarcity
    7. Unity
  • Social engineering pro tip: letting your target know what information you already have makes you more believable and gives you authority
  • Kevin Mitnick's warning about the "Darkside" group
    • looking up insurance policies to understand limits for ransom
    • offering day traders the chance to short the victim's stock
  • Demo "Exchange" (Hafnium)
  • Demo "VMware vSphere vCenter"
    • Target of this attack: steal a memory snapshot of the DC and extract credentials from it offline, using the Windows debugger and mimikatz
    • vCenter should be internal, not internet-facing. Mitigate the risk by putting it behind an additional VPN
    • Bad actors phish a local workstation and then proxy through it to vCenter. Mitigate by segmenting your network properly
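As an added, defender-side example that is not from the webinar or this post: a small Python checker over vCenter-style events that flags the two things the vCenter demo bullets call out, a memory snapshot taken of a domain-controller VM (the step before offline credential extraction) and a vCenter login from outside the management/VPN network (a phished workstation being used as a proxy). The `key=value` event line format, the DC names `dc01`/`dc02`, the management subnet `10.10.0.0/24` and the sample events are constructed assumptions for this example, not the real vSphere event schema; map the field names onto whatever export you actually have.

```python
"""Added example, not from the webinar or this post.

Flags two things the takeaways above call out: a memory snapshot taken
of a domain-controller VM (the step before offline credential extraction)
and a vCenter login from outside the management/VPN network (the phished
workstation being used as a proxy). The event line format, VM names and
subnets are CONSTRUCTED assumptions, not the real vSphere event schema.
"""
import ipaddress
from dataclasses import dataclass

# Assumed inventory: which VMs are domain controllers (lower-cased names).
DC_VM_NAMES = {"dc01", "dc02"}
# Assumed network the post recommends vCenter be reached from (VPN/mgmt).
MGMT_NETWORKS = [ipaddress.ip_network("10.10.0.0/24")]


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str


def parse_event(line: str) -> dict:
    """Parse one constructed 'key=value key=value' event line."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def check_snapshot(ev: dict, line: str):
    """Snapshot of a DC: high if it includes guest memory, else medium."""
    vm = ev.get("vm", "").lower()
    if vm not in DC_VM_NAMES:
        return None
    if ev.get("memory", "false").lower() == "true":
        return Finding("high", f"memory snapshot of domain controller {vm}", line)
    return Finding("medium", f"snapshot of domain controller {vm}", line)


def check_login(ev: dict, line: str):
    """Login to vCenter from outside the management network."""
    src = ev.get("src", "")
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return Finding("low", f"login with unparsable source {src!r}", line)
    if any(addr in net for net in MGMT_NETWORKS):
        return None
    return Finding("medium", f"vCenter login from outside management network ({src})", line)


def analyze(lines) -> list:
    """Run the checks over event lines and return the findings in order."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        etype = ev.get("event")
        finding = None
        if etype == "SnapshotCreated":
            finding = check_snapshot(ev, line)
        elif etype == "UserLogin":
            finding = check_login(ev, line)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample events for this example (not real vCenter output).
SAMPLE_EVENTS = [
    "ts=2021-05-20T10:01:00Z event=UserLogin user=vsphere-admin src=10.10.0.15",
    "ts=2021-05-20T10:07:42Z event=UserLogin user=vsphere-admin src=192.168.50.23",
    "ts=2021-05-20T10:09:10Z event=SnapshotCreated vm=DC01 memory=true user=vsphere-admin",
    "ts=2021-05-20T10:12:00Z event=SnapshotCreated vm=web01 memory=true user=vsphere-admin",
    "ts=2021-05-20T11:30:00Z event=SnapshotCreated vm=dc02 memory=false user=backup-svc",
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Running the file prints three findings from the constructed sample: the login from the workstation subnet, the memory snapshot of `dc01`, and a plain snapshot of `dc02`. The login check is what makes the segmentation/VPN mitigation observable: once vCenter is only reachable from the management network, any login from elsewhere is a signal worth paging on rather than noise.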

Env

additional links

  • Pretexting masterpiece according to Kevin Mitnick:

Tags

social engineering
